Cisco Support Community

User ACS for query AD

Hi Expert,

I have a question about the user ACS uses to query AD. Does the user ID that ACS uses to query AD have to be unlocked and set to never expire? If the user ID is locked, can ACS still query as normal? Thank you for sharing.

3 REPLIES

User ACS for query AD

No, the account that connects ACS to AD is only there to join the domain (create the computer account). If the account is locked, it will still be able to authenticate users successfully. However, if the services are ever disrupted or the AD configuration is removed and then re-added, then the ability to join the domain will fail.

Thanks,

Tarik Admani

Tarik Admani *Please rate helpful posts*

User ACS for query AD

Hi Tarik Admani,

Many thanks for the reply. This information doesn't depend on the ACS version, correct? I currently use ACS 4.2.

User ACS for query AD

Wow, I should have caught that and assumed this was for 5.x. So ACS 4.2 operates differently: it has to be installed on a machine that is joined to your domain. ACS for Windows has to run on a server that is a part of your domain, or the remote agent has to run on a machine that is a member of your domain. Once the machine is joined to the domain, it should work fine. If you delete the account from AD or you decide to leave the domain through the workstation itself, then you will have to provide the domain admin credentials again in order to join one more time.

Tarik Admani *Please rate helpful posts*